Broken activity feed when image or line break used in comment
Summary
When someone posts a comment containing a line break, the produced Atom feed will be invalid.
Steps to reproduce
- Send a comment to containing either
foo\or
barfoo<br>barto an issue. - Visit project’s Activities Atom feed.
Example Project
Check https://gitlab.com/jtojnar/extensions.atom for example, which is broken by the first comment jtojnar/extensions#1.
What is the current bug behavior?
The feed will contain a literal <br> element, breaking the Atom feed.
What is the expected correct behavior?
The feed should contain a valid XML code.
Output of checks
This bug happens on GitLab.com
Possible fixes
See https://validator.w3.org/feed/docs/atom.html#text:
- The input needs to be sanitized to be valid XML if we want to use
type=xhtml, - or switch to
type=htmland- either escape the HTML code,
- or wrap it with
CDATA.